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NETWORK SYSTEM, METHOD AND PROTOCOLS FOR HIERARCHICAL 
SERVICE AND CONTENT DISTRIBUTION VIA DIRECTORY ENABLED 

NETWORK 

5 Field of the Invention: 

The present invention relates to a method and systems for exchanging service routing 
information, and more particularly^ to a method and systems for management of hierarchi- 
cal service and content distribution via directory enabled network by protocols to dramati- 
cally improve the content delivery network performance, with a hierarchical service net- 
■El 0 work infrastructure design. 

;/] Background pf the Invention; 

H Web has emerged as one of the most powerful and critical media for B2B(Business-rto 

|Jt Buisiness), B2C(Business-to Consumer), and C2C(Consumer-to consumer) communica- 
Lyl 5 tion . Internet architecture was based on centralized servers delivering content or services 
to all points on the Internet Web traffic explosion has thus caused lots of Web server con> 
O gestion and Internet traffic jam. According, a content delivery network is designed as a 
;p network that requires a number of co-operating, content-aware network devices that work 
O one with another, in order to distribute content closer to users and locate the content at 
11=20 nearest location from subscriber upon request. 

;y ; The Internet routing protocol such as BGP, is designed to exchange large Internet routes 

among routers. The BGP, an exterior routing protocol, is connection-oriented and running 
on top of TCP, and will maintain the neighbor connection through keep-alive messages and 
synchronize the consistent routing information throughout the life of connection. However, 
25 the BGP would not exchange information in this web server centric Internet. Therefore, it 
would be helpful to have a service (in LDAP directory format) routing protocol to ex- 
change service information in a hierarchical way for service and content distribution man- 
agement via a directory enabled network so as to improve the performance of the content 
delivery network and service provision and management. 

30 Summary q{ the Invention; 

It is an object of the present invention to provide a novel network system having multi- 
ple levels for improving performance of the content delivery network via a hierarchical 
service network infrastructure design. 

35 A further object of the present invention is to provide a method and protocols as to howto 
deliver quality content through flow advertisement from server hop by hop to client with 
crank back when next hop is not available. In accordance with the foregoing and other 
objectives, the present invention proposes a novel network system and the method thereof 
for management of hierarchical service and content distribution via a directory enabled 
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network. The network system of the present invention comprises: 

The server will exchange service information with the level 1 service manager by our 
proprietary protocols that have been filed for parent application too. 

In order to manage such a scalable network, some concepts from Internet routing are 
5 utilized. The Internet routing protocol such as BGP is designed for the exchange of large 
Internet routes with its neighbors. The protocol vAlh exchange the information, among 
service managers in a hierarchical tree structure so as to help provide a better and scalable 
service provisioning and management. The information exchanged by this protocol is de- 
;3 fined as the very generic directory information schema format that is formed as part of the 
40 popular industry standard of LDAP (light weight directory access protocol). The protocol 
1j 1S named as DGP (directory Gateway Protocol), which is a directory information routing 
■--J protocol. Directory Gateway Protocol is similar to an exterior routing protocol BGP, ex- 
Z cept that the directory information is exchanged between DGP parent and child service 
manager The BGP 3 on the other hand, exchanges I? route information with its neighbors, 
, 1 5 Similar to BGP, the Directory Gateway Protocol is connection oriented and running on top 
°^ TCP attd will maintain the neighbor -connection through keep-alive messages and syn- 
5 chronize the consistent directory information throughout the life of connection. In the load 
-.ji balance among multiple data centers, the method of Proximity calculation *riH data center's 
3 loading factor is proposed to be used by DNS to select the best data center as the DNS 
responses to the subscriber. In the LAN environment, in orderto simultaneously update the 
information to the service devices and to improve performance, a reliable Multicast trans- 
port protocol is provided to satisfy this purpose. Running on top of this reliable Multicast 
transport protocol, a Reliable Multicast Directory Update Protocol is also provided to im- 
prove performance by multicasting of directory information in a way similar to the stan- 
25 dard LDAP operations. In order to manage this service network more efficiently, the Reli- 
able Multicast Management Protocol is also provided to deliver management information 
to the service devices simultaneously to improve performance and reduce management 
operation cost. In order to push the content closer to the subscriber, the use of cache is 
helpful, but the c a che content has to be maintained to be consistent with origin server. A 
3Q cache invalidation method through the DGP propagation is invented to help maintain the 
cache freshness for this content delivery network. In order to manage the network more 
efficiently, the method of dynamic discovery of Service Engines, Level 1 Service Manager 
and Level 2 Service Manager, is provided through the LAN multicast and link state routing 
protocors opaque link state packet flooding with service information. 
35 In order to support the content delivery which meets with quality requirement such as 
streaming media content, a method of delivering the content through flow advertisement 



-2- 



Re/: 21326 



from service engine hop by hop ro client with crank back (crank back when next hop is not 
available) is provided to work with or without other standard LAN or IP traffic engineering 
related protocols 

Brief Description of the Drawings: 

The above and other objects and advantages of the invention will be apparent upon con- 
sideration of the following detailed description, taken in conjunction with the accompany- 
ing drawings, in which the reference characters refer to like parts throughout and in which: 

FIG. 1 is a diagram illustrating Content Peering for Multiple CDN Networks in accor- 
dance with the system of the present invention; 

FIG. 2a is a diagram illustrating an Integrated Service Network of Multiple Data Centers 
in accordance with the system of the present invention; 

FIG. 2b is a diagram illustrating another Integrated Service Network of Multiple Data 
Centers in accordance with the system of the present invention; 

FIG. 3 is a diagram illustrating Service Manager and Caching Proxy Server Farm in a 
Data Center in accordance with the system of the present invention; 

FIG, 4 is a diagram illustrating Directory Information Multicast Update in Service Man- 
ager Farm in accordance with the system of the present invention; 

FIG, 5 is a sequence diagram illustrating Reliable Multicast Transport Protocol Sequen- 
ce in accordance with the method and system of the present invention; 

FIG, 6 is a sequence diagram illustrating Transport Multicast abort operation sequence 
in accordance with the method and system of the present invention; 

FIG. 7 is a sequence diagram illustrating Reliable Multicast Directory Update Protocol 
Sequence in accordance with the method qn<l system of the present invention; and 

FIG. S is a sequence diagram illustrating Reliable Multicast Management Protocol Se- 
quence in accordance with the method and system of the present invention. 

Detailed Description of the Invent inn 

Layers qf the Network System 

An embodiment of layers of the network system of the present invention is described 
with reference to FIG .1, FIG. 2a, and FIG. 2b. FIG. 1 is a diagram illustrating Content 
Peering for Multiple CDN Networks in accordance with the system of the present inven- 
tion. This hierarchical directory enabled network provides secure content distiibutipn and 
also other services. 

Services by this Network 
Web and Streaming Content distribution service, 
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Web and Streaming content hosting service, 
IPSEC VPN service, 
Managed firewall service 
And any other new TP services in the future. 
5 Components of this Hierarchica l Scalable Integrated Service Networks fETSISN) 

a. Devices 
Integrated Service Switch (ISS): 

IP switch that forward IP traffic based on service and flow specification. 
Service Erigine< Server). 

10 Service system (may come with special hardware) that process HTTP, cache, IPSEC, fire- 
wall or proxy etc. 
Service Manager 

A designated system running as management agent and also as LDAP server for UDAP 
search service and also running Directory Gateway Protocol with its parent Service Man- 
15 ager and child Service Manager to exchange directory information. 
LDAP Schema: 

Definition of the directory information, which are exchanged by service manager and 
searched by LDAP client . 
SNMP MIB: 

20 Definition of the management information* which are used between SNMP network man- 
ager and agent. 

Protocols 

Standard Protocols 

25 Existing Routing protocol (OSPF, BGP) is run on ISS to interoperate with other router in 
this network. 

Each server runs LDAP as a client; service manager also runs as LDAP server to serve the 
service engine LDAP search request. 

30 Protocols invented 

Service information protocol [patent pending in a separate application] 

Referring to FIG. S, it is run in a LAN or InfiniBand (a new I/O specification for servers) 
environment between ISS, service engines and level 1 Service manager to 
1. register/de-register/update service and service attributes 
35 2. service control advertisement - service engine congestion, redirect etc. 
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Unlimited service engines can be supported (extremely high scalability with multiple 
boxes). Service control advertisement will dynamically load-balance among service engi- 
nes because the ISS will forward messages based on these advertisement to available (less 
congested) service engine Keep-alive message between ISS and service manager will help 
5 detect the faulty device, which ISS will be removed from its available service engine list. 

Flow advertisement protocol [ p at ent pen ding in a S eparate application/ 

Q Initiated by service engine to ISS (application driven flow or session) 

H 1- Establish the flow in ISS to allow flow switching. 

110 2 The flow comes with flow attributes; one of the attributes is the QoS, 
^ Other flow attributes are also possible. 

M Flow attributes of QoS can enforce streaming content quality delivery requirement. 

y The flow will map to outside network by ISS to existing or future standards such as MPLS, 

3 DifiServ, 802. Ip, Cable Modem SID. 

Assigned Numbers Authority protocol [patent pending in a separate 
application] 

It controls any kind of numbers needed to be globally assigned to this subnet or LAN or 
InfiniBand. Things like LP address pool, MPLS label range, global interface number, 
HTTP cookies etc Designated service manager willJbe elected in each of the subnet (on 
behalf of service engine farm including ISS). The service type will be represented in a 
packet pattern matching way, so that different kinds of service engines can be mixed in the 
same subnet or LAN and ail different kinds of service engines can be represented by the 
same service manager 

Directory Gateway Protocol (DGP) 

Referring to FIG. 1 illustrating Content Peering for Multiple CDN Networks and 
Fig 2a and Fig2b, which illustrates Integrated Service Network of Multiple Data Centers, 
Directory Gateway Protocol (DGP) is defined as a directory information routing protocol. 
30 Directory Gateway Protocol utilizes similar concepts from exterior routing protocol BGP, 
except that the directory information is exchanged between DGP parent and child instead 
of IP routes exchanged between BGP neighbors. Similar to BGF, the Directory Gateway 
Protocol is connection-oriented and running on top of TCP and will maintain the neighbor 
connection through keep-alive message and synchronize the consistent directory informa- 
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tion during the life of connection. But the DGP connection is initiated from parent service 
manager to child service manager to avoid any connection conflict if both parent and child 
service manager try to initiate the DGP connection at the same time. To avoid any for- 
warding loop, the connection is not allowed between the same level service managers- It is 
5 only allowed between parent service manager and child service m a n ager although it is 
possible to have multiple back up parent service managers connected to the same child 
service manager to provide the child service manager the LDAP search service for redun- 
dancy reason. 

Level 1 service manager (on behalf of one service subnet) will establish a DGP connec- 

10 tion with its parent service manager(level 2 service manager). Usually the level 2 service 
manager will be running on behalf of the whole Data Center. 

Level 2 service manager will also establish a DGP connection with its parent service 
manager (Level 3 service manager). Usually the service manager of an origin server farm 
will also establish a DGP connection with its parent service manager (Level 2 or Level 3 

1 5 service manager) 

Level 3 service manager usually runs as DNS server, which will direct user request to 
different data center as a geographical load balancing. The DNS redirection decision can 
be made based on the service loading attribute updated by the service data center through 
DGP incremental updates and other attributes such as proximity to subscriber. 

20 The initial DGP connection will exchange the directory information based oh each 
other's directory information forwarding policy;, after the initial exchange, each service 
manager will only mcrementaUy update (add or withdraw) its directory information service 
and service attributes., content and content attributes and etc. to the other side. One of the 
service attributes is the loading factor (response time) of the service domain that the service 

25 manager represents, and one of the content attributes is the content location including ca- 
ched content location. The DGP packet types are OPEN, LDAP ADD, LDAP_DELETE, 
LD AP_MODEFY_ ADD, LDAP_MODIFY_REPLACE, LDAP_MODlFY DELETE, 
NOTIFICATION and KEEP ALIVE. 

Content change is treated as the content attribute (content time) change for that content, 

30 it will be propagated to the caching server that has the cached content (see Cached Content 
Invalidation Sequence section for detail). For frequently changed content, (like BGP) DGP 
supports directory information damping which will suppress the frequently changed di- 
rectory information propagation. Similar to BGP, DGP also supports policy-based for- 
warding between its parent and children service managers. It is recommended to apply the 

35 aggregation policy to aggregate directory information before forwarding. Also similar to 
BGP, the TCP MD5 will be used for authentication. 
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Proximity calculation 

As mentioned above, this is used with service loading attributes updated by each data 
center to make a DNS server direct a user's request to a best service data center as a 
5 geographical load balancing. Each IP destination (IP route, address and mask) will be as- 
sign with an (x, y) attribute, the x stands for longitude (between -1 80 to +180, but -180 and 
+1 80 is the same location because it earth is global) and y stands for latitude (between —90 
to +90) on earth where the IP destination is physically located. 
Assume that the subscriber s source address match as the longest prefix of an IP destina- 
1 0 tion with (xl 3 y 1 ) attribute and the Data Center's IP address prefix has the attribute of (x2„ 

y2). 

If the j xl — x2! 1 80, the distance between the subscriber and data center is 
2 2 1/2 

15 ((xl-x2) + (yl-y2)) 

If the j xl - x2| > 1 80, then the distance between the subscriber and data center is 

2 2 1/2 

((360- (|xl-x2|)) + (yl-y2) ). 

20 The (x,y) route attribute can be proposed to IETF as the extension of BGP route attribute. 

R f fiahle Multicast Transport Protocol 

Referring to Fig 4 Directory Information Multicast Update in Service Manager Farm 
and Fig 5 Reliable Multicast Transport Protocol Sequence, in order to simultaneously up- 

25 date the information to the service devices in a multicast capable network and to improve 
performance, the reliable Multicast transport protocol is used to satisfy this purpose. It is 
similar to TCP, but with two-way (send and acknowledge handshake) instead of 3 -way 
handshake is defined between sender and all the recipients to establish the connection. 
After that, the Service manager is responsible for specifying the window size (in packets) 

30 such that a sender can send message without acknowledgement. The window size is one of 
the service attributes registered by each service engine to the Service Manager. The 
Service Manager chooses the lowest value from the service attributes of the window size 
registered by each recipient. At the end of each window, the Service Manager is also re- 
sponsible for acknowledging the receipt on behalf of all other recipients. It is recommend- 
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ed that the Service Manager should wait a small silent period (could be a configurable 
value) before sending the acknowledgement. The recipient should send a re-send request 
from the starting sequence number {for the window) if it detects any out of sequence packet 
reception or time out without receiving any packet in a configurable value. The sender can 
5 choose to resend from the specified re-send sequence number or terminate the connection 
and restart again. Unless The connection is terminated, the recipient will simply drop the 
packet that has been received The last packet should acknowledge by all recipients not just- 
Service Manager so as to indicate the normal termination of the connection. If the Service 
Manager detects that any recipient does not acknowledge the last packet within a time-out, 

10 it will request to re-send the last packet to that recipient (an unicast packet). If there are 
more than 3 re-sends which have been tried, the device will be declared as dead and will be 
removed from service engine list by Service Manager. If there is only one packet delivered, 
this protocol will become a reliable data gram protocol. Window size is defined as the 
outstanding packets without acknowledgement. Acknowledgement and re-send request are 

15 both multicast packets which allow the Service Manager to monitor. 

Reliable Multicast Directory Update Protocol 

See Fig 7, Reliable Multicast Directory Update Protocol is illustrated. It is running on 
Reliable Multicast Transport Protocol. The protocol is similar to LDAP run over TCP 
20 except that the transport layer is Reliable Multicast Transport Protocol 

Reliable Multicast Management Protocol 

Referring to Fig 8 7 Reliable Multicast Management Protocol Sequence is illustrated, the 
Reliable Multicast Management Protocol Sequence is running on Reliable Multicast 
25 Transport Protocol Since there is only one packet to be delivered, this protocol will be- 
come a reliable multicast data gram protocol. The protocol is similar to SNMP run over 
Ethernet except that there is a transport layer to provide the multicast and reliability serv- 
ice. 

30 Hierarchical Management information and Management method 

The management agent is formed as a part of the Service Manager. For Policy-based 
Service Management, management information is defined in different level. Aggregation 
of management information is from one level to a next level. For example, the number of 
web page hit could have a counter for each cache service engine as well as a total counter 
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for the whole level 1 service engine farms or the whole data centers. 

For configuration management information, also define the configuration for different 
level. For example, a default router configuration is only for the same subnet, and DNS 
server could be for the whole Data Center. The Level 1 service manager is responsible for 
5 multicasting default router configuration to the whole subnets while the Level 2 service 
manager sends the DNS server configuration to Level 1 service manager with indication of 
its Data Center level configuration. Then, the level I service manager needs to multicast its 
member in its subnet. Lower-level configuration or policy cannot conflict with higher- 
level policy; if it the case, the higher-ievel policy should take precedence over the low- 
10 level one. 

Directory schema and SNjVtP MIB 

Several directory information schema and SNMP MIB need to be defined to support 

this Hierarchical Scalable Integrated Service Networks (HSISN). 

15 Web Site object 

Weh Content object 
Service Engine object 
Integrated Service Switch object 

User object 
20 And other objects 

Using the following URL as an example. 

Web Site object (origin or cache site) 
25 Origin Web Site 

DN (Distinguished Name): http, vision, yahoo, com 
Attributes: 

Service Site EP address: 
Cached Service Site 

30 DN (Distinguished Name): subnet l a DataCenter2, CDN3 
Attributes: 

Service Site IP address: 
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New entry creation of Web Site object 

Origin site will send DGP LDAP_ADD DN: hfrp vision, yahoo com to Level 3 Service 
Manager (also as a DNS server) to add a new entry. 

5 Entry modification of Web Site object 

Based on the service level agreement, Level 3 Service Manager sends DGP 
LDAP_MODIFY_ADD web site object entry's attribute of Service Site Location. These 
IP addresses will add to the list of DNS entries of vision.yahao;com. 

The Yahoo's DNS server, which is responsible for the vision.yahoo.com, should refer 
10 the DNS request for vision yahoo.com to DNS in level 3 Service Manager. The DNS in 
level 3 Service Manager will reply with the IP address of service site that has lowest 
service metric, to the subscriber or based on other policies. 

Cached Web Site Selection based on the best response from the cached web site to the 
15 subscriber 

Example of one Yahoo web site with video based financial page: 

Internet access provider's DNS server will refer to Yahoo's DNS server, and for vi- 
20 sion.yahoo.com. Yahoo's DNS server will refer to Level 3 Service Manager of the content 
distribution service provider. 

Each data center may have one or more service web sites,, and each service web site may 
be served by a server farm with a virtual IP address. If there are multiple caching service 
sites of vision.yahoo.com available (ex. site one is 216.136.131.74, site two 
25 216.136.131.99) and all assigned to serve vision, yahoo. com. The DNS in level 3 Service 
Manager will have multiple entries for vision.yahoo.com. It will select one of the sites as 
the DNS reply based on the policies (weighted round robin or service metric from these 
sites to the subscriber). Assume 216.136.131.74 is selected by the DNS as the response to 
the subscriber. 
30 The subscriber sends http request as 
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Service metric 

The Service raemc from subscriber 1 to sitel is the current average server service i£r 
^ponse rime by site 1 + weight * the currenT Prnyimitv from subscriber 1 to site 1. The 
weight is configured based on policy. The site 1 calculates the current Proximity by the 
5 formula mentioned above. The site 1 of Level 1 Service Manager will receive the response 
time from each server in their keep-alive message by the service engine to calculate the 
current average service response time by servers as a loading factor of this site, 

Web Content object (in either origin or cached site) 
10 DN: fv.hr mL, ie, web, http, vision, yahoo, com 
Attributes: 

Original Content Location: IP address of the origin server 

Cached Content Location: DN of the cached service site 1, number of cached 

service engines that have this content in site 1, DN of the cached service site 
15 2. number of cached service engines that have this content in site Z, DN of 

the cached service site 3 1, number of cached service engines that have this 
content in site 31, DN of the cached service srfce 41 
Cached Content Service Engine MAC address in the Level 1 Service Manager: 
Service engine 1 MAC (apply only to Level 1 Service Manager), 
20 Service engine 2 MAC (apply only to Level 1 Service Manager), 

Number of Caching service engines that have the cached content 
Content Last modified date and time: 
Content expire date and time: 

25 

Service Engine object 

DN. IP Address, Subnet 1, DataCenter2, CDN3 
Attributes: 
30 Service Type: 

Service engine Name: 

Service engine Subnet mask: 

Service engine MAC addresses: 

Service engine Security policy: use SSL if different Data Center 
35 Service Manager IP address: 
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Service engine certificate: 
Integrated Service Switch object 

DN: IP address on server farm interface, Subnet 1, Dal3.Center2 9 CDN3 
5 Attributes: 

Switch Type 
Switch IP address 
Switch MAC address: 
Service Manager LP address: 
1 0 Switch certificate. 

User object 

DN: names organization^ country 
1 5 Attributes; 

Postal Address 
Email address 
User certificate: 
Accounting record. 

20 

New entry creation and modification of Web Content object 

Based on the service agreement, origin site will send DGP LDAP_ADD PK'^htmL 
wgh http vision, yafiaa cam to Level 3 Service Manager. After 216.136.131.74 is selected 
by the DNS as response, the subscriber sends http request as 

25 

The integrated service switch of this virtual IP address will direct the request to one of 
the less congested caching service engine based on another patent we invented, say caching 
engine one is selected. If the content is not in caching engine one, it sends LDAP search 
request to its level 1 Service Manager. If level 1 Service Manager doesn't have the content 
30 either, it refers to its level 2 Service Manager. If level 2 Service Manager doesn't have the 
content either, it refers to its ievel 3 Service Manager. The level 3 Service Manager will 
return the attributes of origin server IP address, indication of eacheable or not and other 
content attributes. It is not eacheable, caching engine one will hop-redirect the subscriber 
to the origin server 
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If it's cacheable content, the caching engine one will then initiate a new http session on 
behalf of the subscriber to the origin server. And it will cache the content if ^cacheable" is 
also specified in the hrtp response from the origin server. The redirect message is also 
supported by RTSP too, bur may not always be supported by other existing application 
5 protocols. Once the content is cached, then it will LDAP_ADD object of DM: fv.himl ie 
web, http. vision, yahoo, cam to Level 1 Service Manager. If object is not found in Level 1 
Service Manager, then add DM: Jv.html ie. weh http, vision, yahoo com with attribute of 
Cached Content Location of itself (DN of the service engine). If object is found in Level 1 
Service Manager, then the object is to be modified to be added as new Cached Content 
10 Location attribute Level 1 Service Manager will then do DGP LDAP ADD or DGP 
LDAP_MODIFY_ADD DM: fv.htmL te web, http. vision, yahoo, cam t o Level 2 Service 
Manager. Level 2 Service Manager will then do DGP LDAP_ADD or DGP 
LDAP_MODIFY_ADD DN' jv. html ie web http vision yahoo, com to Level 3 Service 
Manager. 

1 5 The update of cache location directory information update is a triggered update opera- 

tion that should be a lot taster than a periodical synchronization process used in existing 
replication process among LDAP servers. 

Content retrieval from nearest location (origin or cached) 

20 Retrieval from neighbor cache service engine is managed by the same level 1 Service 
Manager in the same LAN. If there is another subscriber sends http request as 

and the http request is forwarded by integrated servi- 
ce switch to service engine 2, which is managed under same level 1 Service Manager (also 
as a LDAP Server) as service engine 1 . When service engine which doesn't have the 

25 content, LDAP SEAJRCH from its level 1 Service Manager, which will return the attribute 
with service engine 1 as the content cached location. 

Since it's cacheable content, the service engine 2 will then initiate a new http session on 
behalf of the subscriber to the service engine 1 instead of the origin server. And it will 
cache the content in addition to responding the content to its subscriber. Once the content is 

30 cached, service engine 2 will LDAP_ADD to the same Level 1 Service Manager (also as 
LDAP Server) The entry should have existed, the service engine 2 will 
LDAP MODIFY ADD to add another cached location (itself) to the content attribute. 

Retrieval from neighbor site is managed by the same level 2 Service Manager for the 
whole Data Center. If there is another subscriber who sends http request to second service 

35 site as and is forwarded to service engine 3 1 by the 
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integrated service switch of the service site of 216.136.131.99. When service engine 31, 
which doesn't have the content, LD AP S EARCH from its Level 1 Service Manager, 
which doesn't have the content either and then refer to Level 2 Service Manager, which 
will return the site of 21 6 136.131 74 as the cached location with attribute of the number of 
service engines that have the content. In case there are two or more sites that have the con- 
tent, the site thai has more service engines that have the content is to be chosen. Service 
engine 3 1 will then initiate a new http session on behalf of the subscriber to 21 6. 1 36. 13 1 .74 
instead of the origin server And the service engine 31 will cache the content in addition to 
responding the content to its subscriber. Once the content is cached, service engine 31 will 
LDAP ADD to its level 1 Service Manager (also as LDAP Server) The entry should not 
be found, level 1 Service Manager will add HAT- f». html ir weh http vision yah,x>, com 
with attribute of Cached Content Location of itself (MAC address). And service engine 
31's Level 1 Service Manager will also DGP LDAP_ADD DKJvhtml , rff wft http . v t~ 
<7»/7 vahnn com to Level 2 Service Manager. The entry should be found, the level 2 
Service Manager will modify to add another cached location (itself) to the content attribute 
and increment the number of sites that have the content. 

Retrieval from neighbor Data Center is managed by the same Level 3 Service Manager 
for the whole CDN (Content Delivery Network) If there is the second service site of 
1S located at another Data Center and if that Data Center doesn't have such 
cached content yet, the LD APSE ARCH will eventually refer to Level 3 Service Manager 
to find the cached Data Center location The http proxy will then be initiated on behalf of 
the subscriber from the caching service engine of one Data Center to its neighbor Data 
Center instead of the ongin server, if the neighbor Data Center has the cached content. In 
case that multiple Data Centers have the cached content, the number of caching service 
engines (in that Data Center) that have the cached content determine the preference. 

Service engine is able to dynamically discover its referral LDAP server, which is its 
level 1 Service Manager The Level 1 Service Manager may or may not need a static con- 
figuration to find its Level 2 Service Manager, depending on whether or not the link state 
routing protocol (ex. OSPF) is running. If it is running, the opaque link state packet can be 
used to carry the service manager information and to be flooded to the routing domain. The 
LDAP search result could also be influenced by policy configuration. It is also possible to 
add policy management related attributes of that content such as proxy or redirect, cache 
life-time if cacheable etc. 
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Cached Content invalidation 

When the origin server modifies the content of I>N: jv. html ie. yveb. http. vision, yahon. 
corn , it will LDAP_MODIFYJDELETE to remove all the Cached Content Locations from 
Level 3 Service Manager Alternatively,, it can conduct a scheduled content update by 
5 specifying or change the expiration date attribute of the content through DGP. The Level 3 
Service Manager will LD AP MOD1F Y DELETE to remove all the Cached Content Lo- 
cations or change expiration date from Level 2 Service Managers that it manages. 

And the Level 2 Service Manager will then LDAPJVtODIFY DELETE to remove all 
the Cached Content Locations or change expiration date from Level 1 Service Managers 
10 that it manages. And the Level 1 Service Manager will notify (multicast) all its caching 
service engines to remove that Cached Content from its storage. 

When the content has been scheduled to be changed by the origin server, the origin 
server can also send LD AP MODIFY_REPLACE to modify the content last modified date 
and time attribute in level 3 Service Manager and propagate downward to lower level 
15 Service Managers and caching service engines. Based on the last modified date and time, 
the server determines when to throw away the old content. 



The dynamic discovery of among Service Engines (LDAP client), Level 1 
Service Manager and Level 2 Service Manager 

20 In a (layer 2) LAN environment, layer 2 multicast can be utilized to propagate the 
service information to level 1 Service Manager from all the service engines. A well-known 
Ethernet multicast address will be defined for Level 1 Service Managers (primary and back 
up Level 1 Service Manager). 

At the link state routing domain, opaque-link-state-packet flooding will be used to 

25 propagate the service engine and services it provide in one area or one autonomous system 
" by all the Level 1 Service Manager and Level 2 Service Manager. 

Level 2 Service Managers should always flood to the whole autonomous system. 
If the whole autonomous system only have one Level 2 Service Manager, then opaque link 
State packets by Level 1 Service Manager should flood to the whole autonomous system. 

30 If each area has one Level 2 Service Manager, then opaque link state packet by the Level 1 
Service Manager should flood to the area only. The Level 2 Service Manager can refer to 
other Level 2 Service Manager first before referring to Level 3 Service Manager for direc- 
tory information, although the DGP connection to other same level Service Manager is not 
allowed. 
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Beyond one autonomous system, IP multicast may be utilized to propagate the service 
within the IP multicast tree to be among .Level 2, Level 3 or Level 4 Service Managers. The 
static configuration can also be used to propagate,, search and update the service among 
Service managers 

5 

Content delivery with quality (possible other policy too) through hop by hop 

flow advertisement from caching service engine to client with crank back 

Hop by hop flow advertisement protocol for IP flow is specified based on pattern- 
matching rules Flow advertisement will start from the caching service engine to its up- 

1 0 stream integrated service switch after the authentication and accounting are checked or 
initiated, and the integrated service switch can continue to advertise the flow to its up- 
stream neighbor integrated service switch and hop by hop to the end user, if the flow ad- 
vertisement protocol is supported. But the end user is not required to be involved in the 
flow advertisement protocol En case the flow advertisement protocol is not supported, each 

1 5 hop will map the flow and flow attribute to its (could be different) upstream traffic charac- 
teristics through static configuration or signaling protocol. For example* the IP flow can 
map to ATM SVC or PVC, the ATM PVC or SVC can also map to IP flow through this 
hop-by-hop flow advertisement. If IP MPLS is also available, IP flow advertisement can 
map to MPLS through MPLS signaling protocol. If the upstream hop does not support any 

20 flow signaling, the flow advertisement would be stopped. 

Flow switching requires every hop involved and should try to include all network de- 
vices from layer 2 to Layer 7 switching devices as long as the flow can be mapped and 
defined. If only the class of traffic is defined, the down stream hop should still try to map to 
the appropriate traffic class on the upstream. The typical example of quality of service can 

25 map to whatever available on the up stream network such as DifFServ, Cable Modem's SID 
and 802.1 p. 

In the case that the link or switch is down along the flow path, the upstream hop should 
terminate the flow by sending flow withdraw advertisement to its further upstream neigh- 
bor and propagate to the end user. On the other hand, the downstream hop should initiate 

30 another flow advertisement to the other available upstream hop and further propagate to the 
end user to re-establish the flow. If there is no upstream hop can accept the flow, the switch 
should terminate the flow, and advertise flow termination (crank back) to its downstream 
hop and its downstream hop should find another available upstream hop so as to try to 
propagate to the end user again. If the upstream hop is not available again, advertise flow 

35 termination (crank back) to its downstream hop should continue until one available switch 
is found, or back to the service engine which will abort the flow. 
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VPN with PKI 

VPN with PKI can use the same directory enabled network, for none-content related 
service engine such as IPSEC engine. VPN with PKI can also refer to its Level 1 Service 
5 Manager to search the certificate and the like. And refer to Level 2 and 3 Service Managers 
for hierarchical user and accounting management. 
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